Issued:

2014-10-13

Updated:

2014-10-13

RHBA-2014:1512 - certmonger bug fix and enhancement update

Synopsis

certmonger bug fix and enhancement update

Type/Severity

Bug Fix Advisory

Topic

Updated certmonger packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 6.

Description

The certmonger service monitors certificates, warning of their impending expiration, and optionally attempting to re-enroll with supported Certificate Authorities (CA).

The certmonger packages have been upgraded to upstream version 0.75.13, which provides a number of bug fixes and enhancements over the previous version including:

• support for retrieving an IPA server's root certificate and optionally storing it to specified locations
• improvements in how the certmonger daemon handles disconnection from the system message bus
• improvements in how the certmonger daemon runs enrollment helpers and parses results returned by them
• fixed bug causing unexpected termination if an attempt to save a certificate failed
• fixed incorrect use of the libdbus library that triggered the _dbus_abort() function
• fixed segmentation fault with incorrectly structured entries in the /var/lib/certmonger/cas/ directory (BZ#1098208, BZ#948993, BZ#1032760, BZ#1103090, BZ#1115831)

This update also fixes the following bugs:

• This update fixes the implementation of the remove_known_ca dbus call in the certmonger package to prevent the certmonger daemon from terminating unexpectedly when called by remove_known_ca. (BZ#1125342)

In addition, this update adds the following enhancements:

• This update adds the certmonger_selinux manual page to document the effect that SELinux has in limiting the allowed access to locations for the certmonger daemon. Also, the selinux.txt document has been added to the certmonger package to provide more details about interaction with SELinux. A reference to certmonger_selinux and selinux.txt has been added to other certmonger man pages. (BZ#1027265)

Users of certmonger are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

Affected Products

Updated Packages

• certmonger-debuginfo-0.75.13-1.el6.x86_64.rpm
• certmonger-0.75.13-1.el6.x86_64.rpm
• certmonger-0.75.13-1.el6.i686.rpm
• certmonger-debuginfo-0.75.13-1.el6.ppc64.rpm
• certmonger-0.75.13-1.el6.ppc64.rpm
• certmonger-0.75.13-1.el6.src.rpm
• certmonger-debuginfo-0.75.13-1.el6.s390x.rpm
• certmonger-debuginfo-0.75.13-1.el6.i686.rpm
• certmonger-0.75.13-1.el6.s390x.rpm

Fixes

• This content is not included.BZ - 948993
• This content is not included.BZ - 1027265
• This content is not included.BZ - 1032760
• This content is not included.BZ - 1098208
• This content is not included.BZ - 1103090
• This content is not included.BZ - 1118468
• This content is not included.BZ - 1125342
• This content is not included.BZ - 1126985
• This content is not included.BZ - 1129537
• This content is not included.BZ - 1129696

CVEs

(none)

References

(none)

Additional information

• The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
• Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.